chore(deps): bump @noble/ed25519 from 3.0.0 to 3.0.1 by dependabot[bot] · Pull Request #382 · RocketChat/homeserver

dependabot · 2026-03-20T15:17:37Z

Bumps @noble/ed25519 from 3.0.0 to 3.0.1.

Release notes

Sourced from @noble/ed25519's releases.

3.0.1

Fix a low-severity issue affecting verify

An attacker with an access to secret key was able to produce signatures, which were valid for all messages for their secret key

Impact: low, primarily systems which rely on non-repudiation

Special thanks to folks who've reported the issue: Yituo He (a.k.a. @HaveYouTall) and @sunyxedu

Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.

Contributed by @georg95 in paulmillr/noble-ed25519#117.

keygen x 10,594 ops/sec @ 94μs/op => 14,610 ops/sec @ 68μs/op

sign x 5,267 ops/sec @ 189μs/op => 7,225 ops/sec @ 138μs/op

verify x 1,203 ops/sec @ 830μs/op => 1,972 ops/sec @ 506μs/op

Full Changelog: paulmillr/noble-ed25519@3.0.0...3.0.1

Commits

3106033 Release 3.0.1.
b0bc470 Speed-up everything 1.5x using new modP with HAC 14.47, HAC 14.50.
a8a97b8 Harden verification logic
5cdab04 Allow serialization of ZERO point, mirror noble-curves
fc808c6 Add modP helper for future speed-up
fc087df Clarify zip215.
1ee5a26 readme: note on suf-cma
9554dd3 readme
00fc0dc ci: Update jsbt
0f2958a readme
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @noble/ed25519 since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/paulmillr/noble-ed25519/releases) - [Commits](paulmillr/noble-ed25519@3.0.0...3.0.1) --- updated-dependencies: - dependency-name: "@noble/ed25519" dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

cubic-dev-ai

No issues found across 2 files

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 20, 2026

cubic-dev-ai bot reviewed Mar 20, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump @noble/ed25519 from 3.0.0 to 3.0.1#382

chore(deps): bump @noble/ed25519 from 3.0.0 to 3.0.1#382
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/bun/noble/ed25519-3.0.1

dependabot bot commented on behalf of github Mar 20, 2026

Uh oh!

cubic-dev-ai bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 20, 2026

3.0.1

Uh oh!

cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants